Biometric authentication for, and secure electronic tracking of, restricted over-the-counter drug sales

ABSTRACT

A mobile device is provided that includes biometric sensor(s), and a processor that causes the biometric sensor(s) to acquire a physiological marker of a user, and identify and authenticate the user. The processor sends a message to an authentication server that indicates the user is authenticated, and receives a response from the authentication server that includes a unique authentication code. The processor receives selection of a thereby selected over-the-counter (OTC) drug, and communicates with a point-of-sale (POS) system with contactless payment capability. The processor sends a purchase message to the POS system that includes the unique authentication code, an identifier of the selected OTC drug, and payment information. And the POS system communicates with the authentication server to validate the unique authentication code, and with an authorization server to authorize payment for the selected OTC drug based on the payment information.

CROSS-REFERENCE TO RELATED APPLICATION(S)

The present application claims priority to U.S. Provisional PatentApplication No. 62/479,959, entitled: Biometric Authentication for, andSecure Electronic Tracking of Restricted Over-the-Counter Drug Sales,filed on Mar. 31, 2017, the content of which is incorporated herein byreference in its entirety.

TECHNOLOGICAL FIELD

The present disclosure relates generally to biometric authentication andcontactless payment systems and, in particular, to biometricauthentication for, and secure electronic tracking of, restrictedover-the-counter drug sales.

BACKGROUND

Biometric authentication involves use of physiological markers toidentify and thereby authenticate. These physiological markers include,for example, fingerprint, palm print, hand geometry, face recognition,iris recognition, retina recognition and the like. The technology isbecoming more commonplace in a number of applications includingcontactless payment systems in which smartphones and other mobiledevices use short-range communication technology to make secure paymentsat the point of sale. Apple Pay, Android Pay and Samsung Pay are threesystems that use fingerprint authentication.

While biometric authentication and contactless payment systems have madea number of point-of-sale transactions easier and more efficient, thereare a number of transactions that remain complicated. One example of acomplicated point-of-sale transaction is for the sale of certainrestricted over-the-counter (OTC) (i.e., non-prescription) drugs such asthose drugs covered by the Combat Methamphetamine Epidemic Act of 2005(CMEA) in the United States. The CMEA regulates products contained incertain OTC drugs including ephedrine and pseudoephedrine (PSE) becauseof their use in the manufacture of illegal drugs. The CMEA requiresmerchants to restrict public access to regulated products, verify proofof identity of all purchasers (e.g., government-issued identification),and track all purchasers and purchases.

Therefore it would be desirable to have a system and method that takesinto account at least some of the issues discussed above, as well asother possible issues.

BRIEF SUMMARY

In view of the foregoing background, example implementations of thepresent disclosure are directed to biometric authentication andcontactless payment systems and, in particular, to biometricauthentication for, and secure electronic tracking of, restrictedover-the-counter drug (e.g., PSE) sales.

The present disclosure thus includes, without limitation, the followingexample implementations.

Some example implementations provide a mobile device comprising one ormore biometric sensors configured to acquire a physiological marker fromwhich a user is identifiable and thereby authenticated; a short-rangecommunication interface configured to implement short-rangecommunication technology and enable contactless payment capability ofthe mobile device; and a processor coupled to the one or more biometricsensors and short-range communication interface, and programmed to atleast: cause the one or more biometric sensors to acquire thephysiological marker, and identify and authenticate the user basedthereon; send a message to an authentication server that indicates theuser is authenticated, and receive a response from the authenticationserver that includes a unique authentication code; receive selection ofa thereby selected over-the-counter (OTC) drug; and communicate with apoint-of-sale (POS) system with contactless payment capability, topurchase the selected OTC drug using the short-range communicationinterface and the contactless payment capabilities of the mobile deviceand POS system, wherein the processor being programmed to communicatewith the POS system includes being programmed to send a purchase messageto the POS system that includes the unique authentication code, anidentifier of the selected OTC drug, and payment information, the POSsystem being configured to communicate with the authentication server tovalidate the unique authentication code, and with an authorizationserver to authorize payment for the selected OTC drug based on thepayment information.

In some example implementations of the mobile device of any precedingexample implementation, or any combination of any preceding exampleimplementations, the POS system has a known location, and the processorbeing programmed to authenticate the user based on the physiologicalmarker and communicate with the POS system using the short-rangecommunication interface locks-in the user thereby authenticated at theknown location.

In some example implementations of the mobile device of any precedingexample implementation, or any combination of any preceding exampleimplementations, the authentication server is operated by a serviceprovider, and the processor is further programmed to enable the serviceprovider to verify an identity of the user, including the processorbeing programmed to at least capture data from a proof of identity ofthe user; and send the data to the service provider to enable theservice provider to verify the identity of the user from the data, theidentity of the user being verified before the authentication server isenabled to send the response that indicates the unique authenticationcode.

In some example implementations of the mobile device of any precedingexample implementation, or any combination of any preceding exampleimplementations, the processor is further programmed to enable the userto register an account with the service provider before the message issent to the authentication server, and during which the processor isprogrammed to enable the service provider to verify the identity of theuser.

Some example implementations provide apparatus configured to implement aself-service kiosk or integrated shelf dispenser, the apparatuscomprising one or more biometric sensors configured to acquire aphysiological marker from which a user is identifiable and therebyauthenticated; and a processor coupled to the one or more biometricsensors, and programmed to at least: cause the one or more biometricsensors to acquire the physiological marker, and identify andauthenticate the user based thereon; send a message to an authenticationserver that indicates the user is authenticated, and receive a responsefrom the authentication server that includes a unique authenticationcode; receive selection of a thereby selected over-the-counter (OTC)drug; complete a purchase of the selected OTC drug, including theprocessor being programmed to send a purchase message to theauthentication server that includes the unique authentication code, anidentifier of the selected OTC drug, and payment information, theprocessor being programmed to send the purchase message for theauthentication server to validate the unique authentication code, andfor the authentication server to cooperate with an authorization serverto authorize payment for the selected OTC drug based on the paymentinformation; and receive an encrypted code to authorize release of theselected OTC drug; and a dispenser coupled to the processor and causedthereby to dispense the selected OTC drug after the purchase iscompleted.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the authentication server is operated by a serviceprovider, and the processor is further programmed to enable the serviceprovider to verify an identity of the user, including the processorbeing programmed to at least capture data from a proof of identity ofthe user; and send the data to the service provider to enable theservice provider to verify the identity of the user from the data, theidentity of the user being verified before the authentication server isenabled to send the response that indicates the unique authenticationcode.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the processor is further programmed to enable the userto register an account with the service provider before the message issent to the authentication server, and during which the processor isprogrammed to enable the service provider to verify the identity of theuser.

Some example implementations provide an apparatus configured toimplement an authentication server, the apparatus comprising a processorand a memory storing executable instructions that in response toexecution by the processor cause the apparatus to at least: receive amessage related to a purchase of an over-the-counter (OTC) drug by auser, the message indicating the user is authenticated, the messagebeing received from a mobile device, self-service kiosk or integratedshelf dispenser; send a response to the mobile device, self-servicekiosk or integrated shelf dispenser, the response including a uniqueauthentication code; receive a purchase message that includes the uniqueauthentication code, an identifier of a selected OTC drug, and paymentinformation, the purchase message being received from a point-of-sale(POS) system, or the self-service kiosk or integrated shelf dispenser;validate the unique authentication code; cooperate with an authorizationserver to authorize payment for the selected OTC drug based on thepayment information; and return an encrypted code to the POS system,self-service kiosk or integrated shelf dispenser to authorize release ofthe selected OTC drug.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the memory stores executable instructions that inresponse to execution by the processor cause the apparatus to further atleast electronically record a purchase transaction including the user,the selected OTC drug and a date or time of purchase of the selected OTCdrug.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the purchase transaction identifies the user by theunique authentication code or a physiological marker of the user.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the apparatus being caused to electronically record thepurchase transaction includes being caused to electronically record thepurchase transaction on a blockchain.

In some example implementations of the apparatus of any precedingexample implementation, or any combination of any preceding exampleimplementations, the purchase transaction identifies the user by theunique authentication code or a physiological marker of the user, andidentifies the selected OTC drug by an identifier of the selected OTCdrug that is unique to a unit thereof, wherein the identifier of theselected OTC drug is recorded on the blockchain during manufacturing orpackaging, and the apparatus is thereafter caused to electronicallyrecord the purchase transaction including the unique authentication codeor physiological marker of the user, the identifier of the selected OTCdrug, and the date or time of purchase.

Some example implementations provide a method comprising acquiring, viaone or more biometric sensors of a mobile device, a physiological markerfrom which a user is identifiable and thereby authenticated; and at themobile device; identifying and authenticating the user based on thephysiological marker; sending a message to an authentication server thatindicates the user is authenticated, and receiving a response from theauthentication server that includes a unique authentication code;receiving selection of a thereby selected over-the-counter (OTC) drug;and communicating with a point-of-sale (POS) system with contactlesspayment capability, to purchase the selected OTC drug using theshort-range communication interface and the contactless paymentcapabilities of the mobile device and POS system, wherein communicatingwith the POS system includes sending a purchase message to the POSsystem that includes the unique authentication code, an identifier ofthe selected OTC drug, and payment information, the POS systemcommunicating with the authentication server to validate the uniqueauthentication code, and with an authorization server to authorizepayment for the selected OTC drug based on the payment information.

In some example implementations of the method of any preceding exampleimplementation, or any combination of any preceding exampleimplementations, the POS system has a known location, and authenticatingthe user based on the physiological marker and communicating with thePOS system using the short-range communication interface locks-in theuser thereby authenticated at the known location.

In some example implementations of the method of any preceding exampleimplementation, or any combination of any preceding exampleimplementations, the authentication server is operated by a serviceprovider, and the method further comprises enabling the service providerto verify an identity of the user, including at least capturing datafrom a proof of identity of the user; and sending the data to theservice provider to enable the service provider to verify the identityof the user from the data, the identity of the user being verifiedbefore the authentication server is enabled to send the response thatindicates the unique authentication code.

In some example implementations of the method of any preceding exampleimplementation, or any combination of any preceding exampleimplementations, the method further comprises enabling the user toregister an account with the service provider before the message is sentto the authentication server, and during which the service provider isenabled to verify the identity of the user.

Features, aspects, and advantages of the present disclosure will beapparent from a reading of the following detailed description togetherwith the accompanying drawings, which are briefly described below. Thepresent disclosure includes any combination of two, three, four or morefeatures or elements set forth in this disclosure, regardless of whethersuch features or elements are expressly combined or otherwise recited ina specific example implementation described herein. This disclosure isintended to be read holistically such that any separable features orelements of the disclosure, in any of its aspects and exampleimplementations, should be viewed as combinable, unless the context ofthe disclosure clearly dictates otherwise.

BRIEF DESCRIPTION OF THE DRAWING(S)

Having thus described the disclosure in general terms, reference willnow be made to the accompanying drawings, which are not necessarilydrawn to scale, and wherein:

FIG. 1 illustrates a system 10 according to example implementations ofthe present disclosure;

FIG. 2 further illustrates a dynamic display of the system of FIG. 1,according to some example implementations;

FIGS. 3A, 3B, 3C and 3D illustrate an example interaction with thedynamic display according to some example implementations;

FIGS. 4 and 5 illustrate process flow diagrams according to exampleimplementations;

FIGS. 6, 7, 8 and 9 illustrate also process flow diagrams according toexample implementations; and

FIG. 10 illustrates an apparatus according to example implementations.

DETAILED DESCRIPTION

Some implementations of the present disclosure will now be describedmore fully hereinafter with reference to the accompanying drawings, inwhich some, but not all implementations of the disclosure are shown.Indeed, various implementations of the disclosure may be embodied inmany different forms and should not be construed as limited to theimplementations set forth herein; rather, these example implementationsare provided so that this disclosure will be thorough and complete, andwill fully convey the scope of the disclosure to those skilled in theart. As used herein, for example, the singular forms “a,” “an,” “the”and the like include plural referents unless the context clearlydictates otherwise. The terms “data,” “information,” “content” andsimilar terms may be used interchangeably, according to some exampleimplementations of the present invention, to refer to data capable ofbeing transmitted, received, operated on, and/or stored. Also, forexample, reference may be made herein to quantitative measures, values,relationships or the like. Unless otherwise stated, any one or more ifnot all of these may be absolute or approximate to account foracceptable variations that may occur, such as those due to engineeringtolerances or the like. Like reference numerals refer to like elementsthroughout.

FIG. 1 illustrates a system 100 according to example implementations ofthe present disclosure. As shown, the system may be implemented with anInternet-based computing architecture including a computer network or anumber of interconnected computer networks 102 in or over which a numberof systems, computers and the like communicate or otherwise operate. Asshown, these include a dynamic display 104, an information server 106, amobile device 108, a point-of-sale (POS) system 110 including a POSterminal 112 and server 114, and authentication 116 and authorization118 server computers. Although shown and described herein in the contextof an Internet-based computing architecture, it should be understoodthat the system may implemented with any of a number of differentnetwork-based architectures.

The network 102 may be implemented as one or more wired networks,wireless networks or some combination of wired and wireless networks.The network may include private, public, academic, business orgovernment networks, or any of a number of different combinationsthereof, and in the context of an Internet-based computing architecture,includes the Internet. The network may support one or more of any of anumber of different communications protocols, technologies or the like,such as cellular telephone, Wi-Fi, satellite, cable, digital subscriberline (DSL), fiber optics and the like.

The systems and computers connected to the network 102 may also beimplemented in a number of different manners. In some examples, thedynamic display 104 is implemented as a smart interactive displaydevice, tablet computer or the like. In some examples, the dynamicdisplay also includes a suitable user input interface such as atouch-sensitive surface that may be separate from or integrated into atouchscreen. As shown, the dynamic display is a network-connecteddisplay device, and it may be configured to communicate with anothercomputer such as the information server 106 over the network. In otherexamples, the dynamic display and information server may be co-located,in which case the dynamic display may or may not be network-connected.

The information server 106 is commonly implemented as a server computeralthough other implementations are contemplated (e.g., mainframecomputer, personal computer). The information server may be embodied asone or more servers, a network of interworking computing devices (e.g.,a distributed computer implemented by multiple computers) or the like.In implementations in which the information server is implemented as adistributed computer, its multiple computers may communicate over anetwork such as network 102.

The mobile device 108 is generally a small, mobile computing device suchas a smartphone. Other examples of suitable mobile devices includeportable computers (e.g., laptop computers, tablet computers), cellularphones, wearable computers (e.g., smartwatches, optical head-mounteddisplays) and the like. According to example implementations, the mobiledevice includes a biometric sensor or multiple biometric sensors (i.e.,one or more biometric sensors) configured to acquire physiologicalmarkers from which a user is identifiable and thereby authenticated(e.g., fingerprint, palm print, hand geometry, face recognition, irisrecognition, retina recognition). The mobile device also includesbuilt-in short-range communication technology and is contactless paymentcapable. One example of suitable short-range communication technology isnear-field communication (NFC). Other examples include radio frequencyidentification (RFID), personal area network technologies such asBluetooth, Bluetooth LE, ZigBee, infrared (e.g., Infrared DataAssociation (IrDA)) and the like.

The POS system 110 is generally a system used by a merchant to effectsales transactions, record sales and track inventory. The POS systemincludes one or more of each of a number of components including the POSterminal 112 and server 114. The POS terminal is a special-purposecomputer that interfaces with payment cards and other paymenttechnologies to make electronic funds transfers. The POS server isconfigured to transmit data from the POS terminal to a merchant serviceprovider for authorization and transfer of funds to the merchant.Similar to the mobile device 108, the POS terminal includes built-inshort-range communication technology and is contactless payment capable.

Similar to the information server 106, the POS server 114,authentication server 116 and authorization server 118 are each commonlyimplemented as a server computer although other implementations arecontemplated (e.g., mainframe computer, personal computer). Anycombination or all of the POS server, authentication server andauthorization server may be embodied as one or more servers, a networkof interworking computing devices (e.g., a distributed computerimplemented by multiple computers) or the like. In implementations inwhich the server is implemented as a distributed computer, its multiplecomputers may communicate over a network such as network 102. And insome examples, more than one of the servers (e.g., authentication serverand authorization server) are co-located.

Reference is now made to FIG. 2 which further illustrates the dynamicdisplay 104 according to some example implementations. As explainedabove, merchants of certain OTC drugs such as those regulated by theCMEA restrict public access to those products. A number of merchantsadvertise these products with other products in a retail shelfenvironment but with cards that are redeemed for the product at the timeof purchase. These product cards are often inconveniently placed andoccupy valuable space on shelves. The dynamic display of exampleimplementations offers the same information as product cards and may befree-standing or shelf mounted, and may free the shelf space otherwiseoccupied by product cards for more physical products and packages.

FIGS. 3A, 3B, 3C and 3D illustrate an example interaction with thedynamic display 104 according to some examples in which the dynamicdisplay includes a touchscreen. In the illustrated example, the dynamicdisplay communicates with the information server 106 (co-located oracross network 102) to deliver information regarding allergy and coldmedicines. In some examples, a user may be led to allergy and coldmedicines by first selecting a condition from a plurality of conditions.The dynamic display may then identify a number of brands of allergy andcold medicines. As shown in FIG. 3A, the dynamic display identifiesbrands of medicines by images of their packaging, but other manners ofidentifying brands are contemplated.

From the display in FIG. 3A, the user selects a brand of medicine whichin turn causes the dynamic display 104 to present information regardingthe selected brand. In instances in which the brand has a number ofvarieties, the dynamic display may first identify those varieties forselection. This is shown in FIG. 3B in which the varieties areidentified by images of their packaging, although again, other mannersof identifying the varieties of a selected brand of medicine are alsocontemplated.

FIG. 3C illustrates the dynamic display 104 presenting informationregarding a selected band of medicine, or a selected variety of theselected brand. As shown, this drug-specific information includes thesame or similar information to the drug label on the packaging of theselected medicine, although other information may be presented inaddition to or in lieu of the drug label. This information serves toinform and educate the user regarding the selected product. The dynamicdisplay also provides purchase instructions, which in some but not allexamples includes directing the user as to how to ask the merchant(pharmacist) for the selected medicine. In some examples, themanufacturer of the selected medicine may offer a mobile app that theuser can install on their mobile device 108 to expedite purchase of themedicine. In these examples, the dynamic display may presentinstructions to the user to download the app, as shown in FIG. 3D.

As also explained above, not only does the CMEA requires merchants torestrict public access to regulated products (e.g., PSE), but the CMEAalso requires merchants to verify proof of identity of all purchasers,and track all purchasers and purchases. This is time consuming andinconvenient. Some example implementations of the present disclosureinclude a mobile app for a mobile device 108 that enables biometricauthentication for restricted over-the-counter (OTC) drug sales, as wellas the secure electronic tracking of those sales. In some examples, themobile app is provided by a service provider with which a user of themobile app registers an account, and during this registration, theservice provider verifies the user's identity by a valid proof ofidentity such as a government-issued identification card, driver'slicense or the like.

FIG. 4 illustrates a process flow diagram 400 with various operationsperformed to carry out a restricted OTC drug sale according to someexample implementations of the present disclosure. As shown, the serviceprovider operates the authentication server 116 that implements a mobileapp server or other appropriate middleware component for providingback-end functionality to the mobile app installed on a mobile device108.

As also shown, the mobile app causes one or more biometric sensors onthe mobile device 108 to acquire a physiological marker from which auser may be identified and thereby authenticated. This physiologicalmarker may be considered a biometric identifier (ID). The mobile app mayidentify and thereby authenticate the user based on this biometric IDand data locally on the mobile device, or communicate the biometric IDto the authentication server 116 to perform theidentification/authentication. In instances in which the mobile appperforms the identification/authentication, the mobile app may insteadsend a message to the authentication server that indicates the user hasbeen authenticated. In either instance, the authentication server isresponsive to an authenticated user with a unique authentication codetransmitted back to the mobile app.

The mobile app on the mobile device 108 allows the user to select adesired OTC drug. The mobile device interacts with the POS terminal 112of the POS system 110 to purchase the selected OTC drug using respectiveshort-range communication and contactless payment capabilities of thedevices. This short-range communication between the mobile device andPOS terminal may lock-in the biometric ID and the location of the mobiledevice (the POS terminal's location being known). The mobile app sends apurchase message including the unique authentication code, an identifierof the desired OTC drug, and appropriate payment information. Thispayment information may include payment (credit, debit) cardinformation, or other appropriate information such as a payment token asmay be used in systems such as Apple Pay, Android Pay or Samsung Pay.

In some examples, the purchase message is sent to the authenticationserver 116 or authorization server 118 which cooperate with one anotherto enable the authentication server to validate the authentication code,and enable the authorization server to authorize the payment based onthe payment information. The authentication server may also at this timeelectronically record the purchase transaction including the purchaser,OTC drug and date/time of the purchase. The purchaser may be identifiedby the authentication code or a unique identifier of the user (e.g.,biometric ID). The OTC drug may be identified by its identifier, whichmay be unique to the product or unit of the product such as in the caseof a unique serial number.

After the authentication code is validated and the payment authorized,and the purchase transaction recorded, the authentication server 116 orauthorization server 118 returns an encrypted code back to the POSsystem 110 to authorize the merchant to release the OTC drug to theuser/purchaser. In some examples, the encrypted code may also be addedto packaging of the OTC drug. This may be accomplished in a number ofdifferent manners such as by printing on the packaging, printing onanother substrate affixed to the packaging, electronically reading toelectronic media (e.g., RFID) on the packaging, or the like.

As described above, one or more of the servers 106, 114, 116, 118 of thesystem 100 may be embodied as a network of interworking computingdevices. In some examples, the servers may be embodied as or otherwiseform part of network of interworking computing devices, such as in apeer-to-peer computing architecture. This may enable a number ofconfigurations of the system or in which the system participates. Oneexample of a suitable configuration is a distributed database thatmaintains the record of purchase transactions. And one example of asuitable distributed database is a blockchain, which is a shared,immutable ledger for recording the history of transactions. FIG. 5 is aprocess flow diagram 500 for a restricted OTC drug sale that expands onthe diagram 400 in FIG. 4, and includes a blockchain to record purchasetransactions.

As shown in FIG. 5, each OTC drug may be associated with a uniqueidentifier for the unit of product (e.g., serial number), which may berecorded on the blockchain during manufacturing/packaging. The productmay be purchased according to the process described above with referenceto FIG. 4. During this process, the product blockchain may be used asits identifier. The product blockchain may be merged with theauthentication code or user identifier (e.g., biometric ID) and recordedon the blockchain with the date/time of the purchase. In some examples,the data may be encrypted and serve as the aforementioned encryptedcode, which may also be added to packaging of the OTC drug. Theblockchain may then be used as a secure electronic record of thepurchase.

To further illustrate example implementations of the present disclosure,FIG. 6 is a process flow diagram 600 of a typical sale of an allergymedicine that may be streamlined according to example implementations.FIG. 7 illustrates a process flow diagram 700 similar to be streamlinedrelative to the diagram 600 in FIG. 6 according to some examples. Asshown in FIG. 7, after the user (consumer) understands their allergiesand treatment needs and options, the user visits the pharmacy where adynamic display 104 on an aisle with other medicines amplifiesinformation and helps the user find their product and answer questions.In some examples, the dynamic display or a mobile app on the user'smobile device 108 allows the user to choose a medicine and order aheadto the pharmacy for a quicker pickup. In the case of the mobile app, theorder may be placed without the user first visiting the pharmacy andinteracting with the dynamic display.

FIG. 8 illustrates another process flow diagram 800 similar to bestreamlined relative to the diagram 600 in FIG. 6 according to someexamples. As shown in FIG. 8, the dynamic display is implemented by aself-service kiosk or integrated shelf dispenser that combinesfunctionality of the dynamic display 104 and mobile device 108. In someexamples, the kiosk/shelf dispenser allows the user to find a productand answer questions, and includes biometric sensors for biometricauthentication, and perhaps also a scanner to scan a valid proof ofidentity. The kiosk/shelf dispenser may then complete the purchase(implementing aspects of the POS system 110) and dispense the medicine.In some examples, the user's mobile device includes a mobile app toenable the user to place an order dispensed by the kiosk/shelfdispenser.

FIG. 9 illustrates yet another process flow diagram 900 similar to bestreamlined relative to the diagram 600 in FIG. 6 according to someexamples. As shown in FIG. 9, the user goes through an initialonboarding process with the pharmacist or other service provider,similar to described above for registering an account with the serviceprovider providing the mobile app. The user can then use their mobileapp to request medicines for pickup at the pharmacist. In some examples,the mobile device 108 performs biometric authentication, as describedabove. Additionally or alternatively, in some examples, a separatedevice at the pharmacy includes biometric sensors for biometricauthentication, and perhaps also a scanner to scan a valid proof ofidentity.

According to example implementations of the present disclosure, thesystem 100 and its subsystems including the dynamic display 104,information server 106, mobile device 108, POS terminal 112, POS server114, authentication server 116 and authorization server 118 may beimplemented by various means. Means for implementing the system and itssubsystems may include hardware, alone or under direction of one or morecomputer programs from a computer-readable storage medium. In someexamples, one or more apparatuses may be configured to function as orotherwise implement the system and its subsystems shown and describedherein. In examples involving more than one apparatus, the respectiveapparatuses may be connected to or otherwise in communication with oneanother in a number of different manners, such as directly or indirectlyvia a wired or wireless network or the like.

FIG. 10 illustrates an apparatus 1000 according to some exampleimplementations of the present disclosure. Generally, an apparatus ofexemplary implementations of the present disclosure may comprise,include or be embodied in one or more fixed or portable electronicdevices. The apparatus may include one or more of each of a number ofcomponents such as, for example, a processor 1002 connected to a memory1004 (e.g., storage device).

The processor 1002 may be composed of one or more processors alone or incombination with one or more memories. The processor is generally anypiece of computer hardware that is capable of processing informationsuch as, for example, data, computer programs and/or other suitableelectronic information. The processor is composed of a collection ofelectronic circuits some of which may be packaged as an integratedcircuit or multiple interconnected integrated circuits (an integratedcircuit at times more commonly referred to as a “chip”). The processormay be configured to execute computer programs, which may be storedonboard the processor or otherwise stored in the memory 1004 (of thesame or another apparatus).

The processor 1002 may be a number of processors, a multi-core processoror some other type of processor, depending on the particularimplementation. Further, the processor may be implemented using a numberof heterogeneous processor systems in which a main processor is presentwith one or more secondary processors on a single chip. As anotherillustrative example, the processor may be a symmetric multi-processorsystem containing multiple processors of the same type. In yet anotherexample, the processor may be embodied as or otherwise include one ormore ASICs, FPGAs or the like. Thus, although the processor may becapable of executing a computer program to perform one or morefunctions, the processor of various examples may be capable ofperforming one or more functions without the aid of a computer program.In either instance, the processor may be appropriately programmed toperform functions or operations according to example implementations ofthe present disclosure.

The memory 1004 is generally any piece of computer hardware that iscapable of storing information such as, for example, data, computerprograms (e.g., computer-readable program code 1006) and/or othersuitable information either on a temporary basis and/or a permanentbasis. The memory may include volatile and/or non-volatile memory, andmay be fixed or removable. Examples of suitable memory include randomaccess memory (RAM), read-only memory (ROM), a hard drive, a flashmemory, a thumb drive, a removable computer diskette, an optical disk, amagnetic tape or some combination of the above. Optical disks mayinclude compact disk-read only memory (CD-ROM), compact disk-read/write(CD-R/W), DVD or the like. In various instances, the memory may bereferred to as a computer-readable storage medium. The computer-readablestorage medium is a non-transitory device capable of storinginformation, and is distinguishable from computer-readable transmissionmedia such as electronic transitory signals capable of carryinginformation from one location to another. Computer-readable medium asdescribed herein may generally refer to a computer-readable storagemedium or computer-readable transmission medium.

In addition to the memory 1004, the processor 1002 may also be connectedto one or more interfaces for displaying, transmitting and/or receivinginformation. The interfaces may include one or more communicationsinterfaces and/or one or more user interfaces. The communicationsinterface(s) may be configured to transmit and/or receive information,such as to and/or from other apparatus(es), network(s) or the like. Thecommunications interface may be configured to transmit and/or receiveinformation by physical (wired) and/or wireless communications links.The communications interface(s) may include interface(s) 1008 to connectto a network (e.g., network 102), such as using technologies such ascellular telephone, Wi-Fi, satellite, cable, digital subscriber line(DSL), fiber optics and the like. And at least in instances in which theapparatus 1000 is configured to implement the mobile device 108 or POSterminal 112, the communications interface(s) may include one or moreshort-range communications interfaces 1010 configured to connect devicesusing short-range communications technologies such as NFC, RFID,Bluetooth, Bluetooth LE, ZigBee, infrared (e.g., IrDA) or the like.

The user interfaces may include a display 1012 and/or one or more userinput interfaces 1014. The display may be configured to present orotherwise display information to a user, suitable examples of whichinclude a liquid crystal display (LCD), light-emitting diode display(LED), plasma display panel (PDP) or the like. The user input interfacesmay be wired or wireless, and may be configured to receive informationfrom a user into the apparatus, such as for processing, storage and/ordisplay. Suitable examples of user input interfaces include amicrophone, image or video capture device, keyboard or keypad, joystick,touch-sensitive surface (separate from or integrated into a touchscreen)or the like. In instances in which the apparatus 1000 is configured toimplement the mobile device 108, the user interfaces may include one ormore biometric sensors 1016 such as cameras or scanners capable ofacquiring markers for or enabling technology such as fingerprint, palmprint, hand geometry, face recognition, iris recognition, retinarecognition. The user interfaces may further include one or moreinterfaces for communicating with peripherals such as printers, scannersor the like.

As indicated above, program code instructions may be stored in memory,and executed by processor that is thereby programmed, to implementfunctions of the systems, subsystems, tools and their respectiveelements described herein. As will be appreciated, any suitable programcode instructions may be loaded onto a computer or other programmableapparatus from a computer-readable storage medium to produce aparticular machine, such that the particular machine becomes a means forimplementing the functions specified herein. These program codeinstructions may also be stored in a computer-readable storage mediumthat can direct a computer, processor or other programmable apparatus tofunction in a particular manner to thereby generate a particular machineor particular article of manufacture. The instructions stored in thecomputer-readable storage medium may produce an article of manufacture,where the article of manufacture becomes a means for implementingfunctions described herein. The program code instructions may beretrieved from a computer-readable storage medium and loaded into acomputer, processor or other programmable apparatus to configure thecomputer, processor or other programmable apparatus to executeoperations to be performed on or by the computer, processor or otherprogrammable apparatus.

Retrieval, loading and execution of the program code instructions may beperformed sequentially such that one instruction is retrieved, loadedand executed at a time. In some example implementations, retrieval,loading and/or execution may be performed in parallel such that multipleinstructions are retrieved, loaded, and/or executed together. Executionof the program code instructions may produce a computer-implementedprocess such that the instructions executed by the computer, processoror other programmable apparatus provide operations for implementingfunctions described herein.

Execution of instructions by processor, or storage of instructions in acomputer-readable storage medium, supports combinations of operationsfor performing the specified functions. In this manner, an apparatus1000 may include processor 1002 and a computer-readable storage mediumor memory 1004 coupled to the processor, where the processor isconfigured to execute computer-readable program code 1006 stored in thememory. It will also be understood that one or more functions, andcombinations of functions, may be implemented by special purposehardware-based computer systems and/or processor which perform thespecified functions, or combinations of special purpose hardware andprogram code instructions.

As explained above, the present disclosure includes any combination oftwo, three, four or more features or elements set forth in thisdisclosure, regardless of whether such features or elements areexpressly combined or otherwise recited in a specific exampleimplementation described herein. This disclosure is intended to be readholistically such that any separable features or elements of thedisclosure, in any of its aspects and example implementations, should beviewed as combinable, unless the context of the disclosure clearlydictates otherwise.

Many modifications and other implementations of the disclosure set forthherein will come to mind to one skilled in the art to which thedisclosure pertains having the benefit of the teachings presented in theforegoing description and the associated drawings. Therefore, it is tobe understood that the disclosure is not to be limited to the specificimplementations disclosed and that modifications and otherimplementations are intended to be included within the scope of theappended claims. Moreover, although the foregoing description and theassociated drawings describe example implementations in the context ofcertain example combinations of elements and/or functions, it should beappreciated that different combinations of elements and/or functions maybe provided by alternative implementations without departing from thescope of the appended claims. In this regard, for example, differentcombinations of elements and/or functions than those explicitlydescribed above are also contemplated as may be set forth in some of theappended claims. Although specific terms are employed herein, they areused in a generic and descriptive sense only and not for purposes oflimitation.

What is claimed is:
 1. A mobile device comprising: one or more biometricsensors configured to acquire a physiological marker from which a useris identifiable and thereby authenticated; a short-range communicationinterface configured to implement short-range communication technologyand enable contactless payment capability of the mobile device; and aprocessor coupled to the one or more biometric sensors and short-rangecommunication interface, and programmed to at least: cause the one ormore biometric sensors to acquire the physiological marker, and identifyand authenticate the user based thereon; send a message to anauthentication server that indicates the user is authenticated, andreceive a response from the authentication server that includes a uniqueauthentication code; receive selection of a thereby selectedover-the-counter (OTC) drug; and communicate with a point-of-sale (POS)system with contactless payment capability, to purchase the selected OTCdrug using the short-range communication interface and the contactlesspayment capabilities of the mobile device and POS system, wherein theprocessor being programmed to communicate with the POS system includesbeing programmed to send a purchase message to the POS system thatincludes the unique authentication code an identifier of the selectedOTC drug, and payment information, the POS system being configured tocommunicate with the authentication server to validate the uniqueauthentication code and to record a purchase transaction on a blockchainand with an authorization server to authorize payment for the selectedOTC drug based on the payment information, wherein the authenticationserver is operated by a service provider, and the processor is furtherprogrammed to enable the user to register an account with the serviceprovider before the message is sent to the authentication server, andthe processor is programmed to enable the service provider to verify theidentity of the user during account registration, and wherein theidentifier of the selected OTC drug is unique to a unit thereof, theidentifier of the selected OTC drug is recorded on the blockchain duringmanufacturing or packaging, and the purchase transaction recorded on theblockchain includes an identifier for the user, the identifier of theselected OTC drug, and a date and/or a time of purchase.
 2. The mobiledevice of claim 1, wherein the POS system has a known location, and theprocessor being programmed to authenticate the user based on thephysiological marker and communicate with the POS system using theshort-range communication interface locks-in the user therebyauthenticated at the known location.
 3. The mobile device of claim 1,wherein the processor is further programmed to at least: capture datafrom a proof of identity of the user; and send the data to the serviceprovider to enable the service provider to verify the identity of theuser from the data, the identity of the user being verified before theauthentication server is enabled to send the response that indicates theunique authentication code.
 4. An apparatus configured to implement aself-service kiosk or integrated shelf dispenser, the apparatuscomprising: one or more biometric sensors configured to acquire aphysiological marker from which a user is identifiable and therebyauthenticated; a processor coupled to the one or more biometric sensors,and programmed to at least: cause the one or more biometric sensors toacquire the physiological marker, and identify and authenticate the userbased thereon; send a message to an authentication server that indicatesthe user is authenticated, and receive a response from theauthentication server that includes a unique authentication code;receive selection of a thereby selected over-the-counter (OTC) drug;complete a purchase of the selected OTC drug, including the processorbeing programmed to send a purchase message to the authentication serverthat includes the unique authentication code, an identifier of theselected OTC drug, and payment information, the processor beingprogramed to send the purchase message for the authentication server tovalidate the unique authentication code and to record the purchasetransaction on a blockchain and for the authentication server tocooperate with an authorization server to authorize payment for theselected OTC drug based on the payment information; and receive anencrypted code to authorize release of the selected OTC drug, whereinthe authentication server is operated by a service provider, and theprocessor is further programmed to enable the user to register anaccount with the service provider before the message is sent to theauthentication server, and the processor is programmed to enable theservice provider to verify the identity of the user during accountregistration, and wherein the identifier of the selected OTC drug isunique to a unit thereof, the identifier of the selected OTC drug isrecorded on the blockchain during manufacturing or packaging, and thepurchase transaction recorded on the blockchain includes an identifierfor the user, the identifier of the selected OTC drug, and a date and/ora time of purchase; and a dispenser coupled to the processor and causedthereby to dispense the selected OTC drug after the purchase iscompleted.
 5. The apparatus of claim 4, wherein the processor is furtherprogrammed to at least: capture data from a proof of identity of theuser; and send the data to the service provider to enable the serviceprovider to verify the identity of the user from the data, the identityof the user being verified before the authentication server is enabledto send the response that indicates the unique authentication code. 6.An apparatus configured to implement an authentication server, theapparatus comprising: a processor and a memory storing executableinstructions that in response to execution by the processor cause theapparatus to at least: receive a message related to a purchase of anover-the-counter (OTC) drug by a user, the message indicating the useris authenticated, the message being received from a mobile device,self-service kiosk or integrated shelf dispenser; send a response to themobile device, self-service kiosk or integrated shelf dispenser, theresponse including a unique authentication code; receive a purchasemessage that includes the unique authentication code, an identifier of aselected OTC drug, and payment information, the purchase message beingreceived from a point-of-sale (POS) system, or the self-service kiosk orintegrated shelf dispenser; validate the unique authentication code;record a purchase transaction on a blockchain; cooperate with anauthorization server to authorize payment for the selected OTC drugbased on the payment information; and return an encrypted code to thePOS system, self-service kiosk or integrated shelf dispenser toauthorize release of the selected OTC drug, wherein the apparatus isoperated by a service provider, and the processor is further programmedto enable the user to register an account with the service providerbefore the message related to the purchase of the OTC drug is receivedby the apparatus, and the processor is programmed to enable the serviceprovider to verify the identity of the user during account registration,and wherein the identifier of the selected OTC drug is unique to a unitthereof, the identifier of the selected OTC drug is recorded on theblockchain during manufacturing or packaging, and the purchasetransaction recorded on the blockchain includes an unique for the user,the identifier of the selected OTC drug, and the date and/or time ofpurchase.
 7. A method comprising: acquiring, via one or more biometricsensors of a mobile device, a physiological marker from which a user isidentifiable and thereby authenticated; and at the mobile device;identifying and authenticating the user based on the physiologicalmarker; sending a message to an authentication server that indicates theuser is authenticated, and receiving a response from the authenticationserver that includes a unique authentication code; receiving selectionof a thereby selected over-the-counter (OTC) drug; and communicatingwith a point-of-sale (POS) system with contactless payment capability,to purchase the selected OTC drug using the short-range communicationinterface and the contactless payment capabilities of the mobile deviceand POS system, wherein communicating with the POS system includessending a purchase message to the POS system that includes the uniqueauthentication code, an identifier of the selected OTC drug, and paymentinformation, the POS system communicating with the authentication serverto validate the unique authentication code and to record a purchasetransaction on a blockchain and with an authorization server toauthorize payment for the selected OTC drug based on the paymentinformation, wherein the authentication server is operated by a serviceprovider, and the user registers an account with the service providerbefore the message is sent to the authentication server, and the serviceprovider verifies the identity of the user during account registration,and wherein the identifier of the selected OTC drug is unique to a unitthereof, the identifier of the selected OTC drug is recorded on theblockchain during manufacturing or packaging, and the purchasetransaction recorded on the blockchain includes the unique identifierfor the user, the identifier of the selected OTC drug, and a date and/ora time of purchase.
 8. The method of claim 7, wherein the POS system hasa known location, and authenticating the user based on the physiologicalmarker and communicating with the POS system using the short-rangecommunication interface locks-in the user thereby authenticated at theknown location.
 9. The method of claim 7, further comprising: capturingdata from a proof of identity of the user; and sending the data to theservice provider to enable the service provider to verify the identityof the user from the data, the identity of the user being verifiedbefore the authentication server is enabled to send the response thatindicates the unique authentication code.